I have added monitoring for the execution of binaries used to read files. The current configuration only logs the reading of predefined files, such as /etc/passwd (except for actions performed by the root user). For example, if we have a sensitive file located in a directory like /opt/CustomApp/Sensitive.conf, I believe the current configuration does not log this action.
Hi,
I have added monitoring for the execution of binaries used to read files. The current configuration only logs the reading of predefined files, such as /etc/passwd (except for actions performed by the root user). For example, if we have a sensitive file located in a directory like /opt/CustomApp/Sensitive.conf, I believe the current configuration does not log this action.